getmail -- symlink vulnerability during maildir delivery

Details

VuXML ID

8c33b299-163b-11d9-ac1b-000d614f7fad

Discovery

2004-09-19

Entry

2004-10-04

David Watson reports a symlink vulnerability in getmail.
If run as root (not the recommended mode of operation), a
local user may be able to cause getmail to write files in
arbitrary directories via a symlink attack on subdirectories
of the maildir.